The Identity Applications server supports APIs that expose all OAuth functionality as endpoints, such as those for obtaining access tokens.
The following is an example of the authentication sequence:
GET http://<ip address/DNS name of identity applications>:8180/idmdash/
Result: 200 text/html
Loading the page triggers a number of additional requests to obtain stylesheets (CSS), JavaScript, and so on.
The Landing page makes a request to Identity Applications with no authorization header, because the Landing page has no access token.
GET http://prvdvnam850.namdom025.lab:8180/IDMProv/rest/access/users/fullName
Authorization header: none
Result: 401 error
Because the request carries no OAuth access token, Identity Applications responds with a 401 error. This causes the Landing page to go to OSP to get an access token. Note that there are no OSP cookies yet.
GET http://<ipaddress>:8180/osp/a/idm/auth/oauth2/grant?response_type=token&redirect_uri=http://<ipaddress>:8180/landing/com.netiq.ualanding.index/oauth.html&client_id=ualanding&state=spiffystate0.7645864660083901
Result: 200 text/html (The resulting page is the OSP login page)
Loading the login page triggers additional requests to obtain the stylesheet (CSS) and favicon.
From the browser's point of view, the result of the request to OSP is a page with entry fields for the user's name and password. OSP also returns cookies with the login page, which the browser sends in subsequent requests.
POST http://<ipaddress>:8180/osp/a/idm/auth/app/login?acAuthCardId=np-contract-{%24default-card}&sid=1
Cookies: JSESSIONID 95...79 End Of Session
x-oidp-oauth2-1449687159117--1013136951 "Wtf...zx0~" End Of Session
x-oidp-session59303d34382c2d310 200-GX0...97kISI~ End Of Session
Result: 302 Redirect to OSP implicitcontinue
GET http://<ipaddress>:8180/osp/a/idm/auth/oauth2/implicitcontinue?privateId=bb5b94976815f348307b&client_id=ualanding&irdpkg=1449687159117--1013136951
Cookies: JSESSIONID 95...79 End Of Session
x-oidp-oauth2-1449687159117--1013136951 "Wtf...zx0~" End Of Session
x-oidp-session59303d34382c2d310 200-PP+...RzX0F6 End Of Session
Result: 302 Redirect to Identity Manager landing OAuth result page
After an internal redirect between the OSP pages, the result is a redirect to the redirect_uri parameter that was originally sent with the initial request to OSP.
GET http://<ipaddress>:8180/idmdash/oauth.html
Cookies: x-oidp-session59303d34382c2d310 200-AZ...b/HQ~~ End Of Session
Result: 200
A fragment containing the access token (see section 4.2.2 of RFC 6749) is appended to the URL. The Landing page extracts the OAuth access token from this fragment. You cannot see this fragment in an HTTP trace, because the browser does not send the fragment part of a URL to the server.
The Landing page again makes the “who am I” request, but this time with an authorization header, because the Landing page now has an access token.
GET http://<ipaddress>:8180/IDMProv/rest/access/users/fullName
Authorization header: Authorization bearer eHw...343
Result: 200 {"dn":"cn=mary,ou=users,o=data","name":"Mary Contrary"}
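The fragment-handling step above, sketched as an added example (not code from Identity Applications or OSP): a client parses the fragment defined in RFC 6749 section 4.2.2, checks that the returned state matches the value it sent in the grant request, and builds the Authorization header for the retried request. The function names, host name, token and state values are constructed for illustration.

```javascript
// Added example: parse the fragment appended to the redirect_uri after an
// implicit grant (RFC 6749, section 4.2.2) and validate it before use.
// Function names and sample values are hypothetical, not product code.

function parseImplicitGrantFragment(redirectedUrl, expectedState) {
  const url = new URL(redirectedUrl);
  // The fragment is application/x-www-form-urlencoded, like a query string.
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));

  // RFC 6749 section 4.2.2.1: failures are reported in the fragment as well.
  if (params.has("error")) {
    throw new Error("authorization failed: " + params.get("error"));
  }
  // The state must be the value this client generated for the grant request;
  // a mismatch means the response does not belong to this login attempt.
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  // token_type is case-insensitive; only bearer tokens are handled here.
  const tokenType = (params.get("token_type") || "").toLowerCase();
  if (tokenType !== "bearer") {
    throw new Error("unsupported token_type: " + tokenType);
  }
  const accessToken = params.get("access_token");
  if (!accessToken) {
    throw new Error("no access_token in fragment");
  }
  const expiresIn = params.has("expires_in")
    ? Number(params.get("expires_in"))
    : null;
  return { accessToken, expiresIn };
}

// Header for the retried "who am I" request.
function authorizationHeader(token) {
  return { Authorization: "Bearer " + token.accessToken };
}

// Constructed sample redirect: placeholder host, token and state.
const SAMPLE_STATE = "spiffystate0.1234";
const SAMPLE_URL =
  "http://idmapps.example:8180/idmdash/oauth.html" +
  "#access_token=SAMPLE-TOKEN&token_type=Bearer&expires_in=120" +
  "&state=" + SAMPLE_STATE;

const token = parseImplicitGrantFragment(SAMPLE_URL, SAMPLE_STATE);
console.log(authorizationHeader(token));
```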